Home

Privacy Policy

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data means any data that can be used to identify you personally. For detailed information on data protection, please refer to my privacy policy listed below this text.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the section “Information on the controller” in this privacy policy.

How do I collect your data?

On the one hand, your data is collected when you provide it to me. This may include, for example, data you enter into a contact form.

Other data is collected automatically by my IT systems when you visit the website, either automatically or with your consent. This is primarily technical data (e.g. internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.

What do I use your data for?

Some of the data is collected to ensure the website is provided without errors. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other service inquiries.

What rights do you have regarding your data?

You have the right at any time to receive information free of charge about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can withdraw this consent at any time with effect for the future. In addition, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

You can contact me at any time regarding this and with further questions on the topic of data protection.

Analytics tools and third-party tools

When visiting this website, your browsing behavior may be statistically evaluated. This is done primarily with so-called analysis programs. Detailed information on these analysis programs can be found in the following privacy policy.

2. Hosting

I host the content of my website with the following provider:

External hosting

This website is hosted externally. The personal data collected on this website is stored on the host’s / hosts’ servers. This may include in particular IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website accesses, and other data generated via a website.

External hosting is carried out for the purpose of fulfilling a contract with my prospective and existing customers (Art. 6(1)(b) GDPR) and in the interest of a secure, fast, and efficient provision of my online services by a professional provider (Art. 6(1)(f) GDPR). If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

My host(s) will process your data only to the extent necessary to fulfill their performance obligations and will follow my instructions regarding this data.

I use the following host(s):

xHosts

3. General information and mandatory information

Data protection

The operator of these pages takes the protection of your personal data very seriously. I treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data means data that can be used to identify you personally. This privacy policy explains what data I collect and what I use it for. It also explains how and for what purpose this is done.

Please note that data transmission over the internet (e.g. when communicating by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Information on the controller

The controller responsible for data processing on this website is:

Kaiyu Huang
Spatzenweg 11
85238 Petershausen
Phone: 015159482500
Email: info@kaiyu-huang.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Storage duration

Unless a more specific storage period is stated within this privacy policy, your personal data will remain with me until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless I have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply.

General information on the legal bases for data processing on this website

If you have consented to data processing, I process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data pursuant to Art. 9(1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g. via device fingerprinting), data processing is additionally based on § 25(1) TDDDG. Consent can be withdrawn at any time. If your data is required for contract performance or to carry out pre-contractual measures, I process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, if processing is necessary to comply with a legal obligation, I process your data on the basis of Art. 6(1)(c) GDPR. Data processing may also be based on my legitimate interest pursuant to Art. 6(1)(f) GDPR. The relevant legal bases in each individual case are described in the following sections of this privacy policy.

Recipients of personal data

In the course of my business activities, I work with various external parties. In some cases, it is necessary to transfer personal data to these external parties. I only disclose personal data to external parties if this is necessary for contract performance, if I am legally obliged to do so (e.g. disclosure of data to tax authorities), if I have a legitimate interest in the disclosure pursuant to Art. 6(1)(f) GDPR, or if another legal basis permits the disclosure. When using processors, I only disclose my customers’ personal data on the basis of a valid data processing agreement. In the case of joint processing, an agreement on joint processing will be concluded.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You can withdraw consent you have already given at any time. The lawfulness of the data processing carried out up to the withdrawal remains unaffected by the withdrawal.

Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RELEVANT LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, I WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS I CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged infringement. This right exists without prejudice to any other administrative or judicial remedies.

Right to data portability

You have the right to have data that I process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Information, rectification and deletion

Within the framework of the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients, and the purpose of data processing and, if applicable, a right to rectification or deletion of this data. For this and further questions on the subject of personal data, you can contact me at any time.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact me at any time for this purpose. The right to restriction of processing applies in the following cases:

  • If you dispute the accuracy of your personal data stored by me, I usually need time to verify this. For the duration of the verification, you have the right to request restriction of the processing of your personal data.
  • If the processing of your personal data was/is unlawful, you can request restriction of data processing instead of deletion.
  • If I no longer need your personal data, but you need it to establish, exercise or defend legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection pursuant to Art. 21(1) GDPR, a balancing of your interests and mine must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent, or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

SSL / TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to me as the site operator. You can recognize an encrypted connection by the fact that the browser’s address line changes from “http://” to “https://” and by the lock symbol in your browser.

If SSL or TLS encryption is enabled, the data you transmit to me cannot be read by third parties.

Objection to promotional emails

The use of contact data published as part of the legal notice requirement for sending unsolicited advertising and information materials is hereby objected to. The operators of these pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam emails.

4. Data collection on this website

Cookies

My websites use so-called “cookies”. Cookies are small data packets and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

Cookies can be set by me (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services provided by third-party companies within websites (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies may be used to evaluate user behavior or for advertising purposes.

Cookies that are required to carry out the electronic communication process, to provide certain functions you request (e.g. for the shopping cart function), or to optimize the website (e.g. cookies for measuring the web audience) (necessary cookies) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is stated. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent for storing cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); consent can be withdrawn at any time.

You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

You can find out which cookies and services are used on this website in this privacy policy.

5. Analytics tools and advertising

WP Statistics

This website uses the analytics tool WP Statistics to statistically evaluate visitor access. The provider is Veronalabs, Tatari 64, 10134, Tallinn, Estonia (https://veronalabs.com).

With WP Statistics, I can analyze how my website is used. WP Statistics records, among other things, log files (IP address, referrer, browser used, user’s origin, search engine used) and actions carried out by website visitors on the site (e.g. clicks and views).

The data collected with WP Statistics is stored exclusively on my own server.

This analytics tool is used on the basis of Art. 6(1)(f) GDPR. I have a legitimate interest in the anonymized analysis of user behavior in order to optimize both my online offering and my advertising. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

6. Processing of personal data

Maintaining patient records As a therapist, I am legally obliged under § 630f BGB to maintain a patient record. This record documents all measures and results that are professionally relevant for current and future treatment (e.g. medical history, diagnoses, examinations, test results, findings, therapy recommendations and outcomes).

Legal basis for processing The processing of these special categories of personal data (health data) is based on:

  • Art. 6(1)(c) GDPR (compliance with a legal obligation), as I am legally required to document.
  • Art. 9(2)(h) GDPR (healthcare/treatment) in conjunction with § 22(1) No. 1 b) BDSG, as the data is necessary for medical diagnosis, care, or treatment in the healthcare sector.
  • Art. 6(1)(b) GDPR for the performance of the treatment contract.

Storage duration (retention period) I am legally obliged to retain your patient record for a period of 10 years after completion of treatment (§ 630f(3) BGB). After this period has expired, your data will be deleted or blocked, unless other statutory retention obligations prevent this.

Confidentiality and security The patient record is kept confidential. The data is protected against unauthorized access by technical and organizational measures. Disclosure to third parties (e.g. doctors, health insurance providers) only takes place if legally required or if you have expressly consented.

Access: You have the right at any time to request access to the documentation kept about you (patient record or coaching record). Upon request, I will provide you with copies of the documents (if applicable against reimbursement of copying costs).

Deletion for coaching: If the service is purely coaching (no medical treatment), your data will be deleted at any time upon your request, provided no statutory retention obligations (e.g. retention of invoices under tax law) prevent this.

Restricted deletion for therapy: For therapeutic services, I am legally obliged to document and to comply with the 10-year retention period (§ 630f(3) BGB). In this case, a deletion request can only be fulfilled after this statutory period has expired. Until then, however, you have the right to have the data restricted (blocked) for other purposes.

7. Appointment booking

You can book appointments via my website. For this purpose, I use the service Cal.com, provided by Cal.com, Inc., 2041 East St, #200, Concord, CA 94520, USA. To book an appointment, you enter your data (e.g. name, email address, phone number) into the input form. This data is transferred to Cal.com and stored there. Data processing is carried out on the basis of your consent (Art. 6(1)(a) GDPR) and for the implementation of pre-contractual measures (Art. 6(1)(b) GDPR). Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://cal.com/privacy.

8. Video conferences

For communication with my clients, I use online conferencing tools. When you communicate with me via video or audio conference, your personal data (name, email, IP address, technical device data, and the content of communication) will be collected and processed by me and by the provider of the respective conferencing tool. Processing is carried out on the basis of Art. 6(1)(b) GDPR (contract performance) and in the interest of effective delivery of the consultation (Art. 6(1)(f) GDPR). I use the following providers:

  • Google Meet
  • Zoom
  • Microsoft Teams

9. Data processing

Google services (Google Workspace) are used for organization, email communication, and appointment management. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you contact me by email or appointments are entered into my calendar, this data is stored on Google’s servers. This serves the efficient management of my business activities (Art. 6(1)(f) GDPR) and the fulfillment of our contractual arrangements (Art. 6(1)(b) GDPR). Further information on how Google handles user data can be found in Google’s privacy policy: https://policies.google.com/privacy.



10. Documentation of coaching hours for ICF certification

For my certification with the International Coaching Federation (ICF), it is necessary to complete and document a certain number of coaching hours. For this purpose, the ICF requires maintaining a coaching log, which may be reviewed in individual cases.

In accordance with the General Data Protection Regulation (GDPR), I ask my clients for consent to collect and store the following data:

  • Client’s name
  • Contact information (email address)
  • Number of coaching sessions conducted
  • Dates of the sessions

This information may be shared with ICF staff upon request, solely for the purpose of verifying the authenticity of the coaching relationship between the client and me.

No details of coaching conversations, personal notes, or confidential details from sessions will be disclosed to any third party — including the ICF. Both I and the ICF treat all transmitted data with strict confidentiality.

By participating in coaching, the client agrees that the above-mentioned data may be collected, stored, and, if necessary, shared to the extent described for the purpose of providing evidence within the framework of ICF certification.

Consent may be withdrawn at any time with effect for the future. You also have the right to request the deletion of stored personal data, provided that no statutory retention obligations prevent this.